Last month, a seminar was held locally with many of the information security professionals in our area and an expert spoke of the necessity of having the ISO 27001 certification. After the formal presentation, this person was answering several pointed questions. One of those queries was about using vendors who also have the ISO 27001 certification and the specialist stated the cost of using a company that did not also have the security standard was going to be sizable. The organization was going to have to allocate resources to implement the same ISO controls at the vendor’s location that they were using at their site to meet their security plan.

We saw the similar situation years ago in our area when large manufacturing companies were getting their ISO 9001 certification and then they required their suppliers to be ISO certified. In many ways, it was the only way for the larger company to control its quality processes was to have the entire network of businesses to follow suit by conforming and executing to documented controls.

At TechR2, we are the leader in the data destruction industry with the process control systems in place to meet the ISO 27001, ISO 9001, ISO 14001, and ISO 45001. Our comprehensive plan begins with an ISO 27001 compliant risk assessment at your facility.  Upon your request, we can integrate an entire spectrum of data security processes for retired, failed and off-network media – creating an onsite audit trail, onsite containment, and onsite reconciliation.